Security

Reporting a vulnerability

Found something? Please report it privately rather than opening a public issue. We aim to acknowledge reports within three business days.

Email: [email protected]

Threat model

Public tools (/create-share, /decrypt). The secret and every key portion are processed entirely in your browser. The server never receives the raw secret or any portion during these flows. You can verify this by opening DevTools → Network and watching: no traffic leaves your machine when you click Split secret or Recover secret.

Portal (/portal). Authenticated members may store encrypted secrets and trigger team-based decryption requests. Server-side trust is required for this flow; per-member portions are held server-side and combined on demand. Every decryption is recorded in the organization audit log.

Verify our cryptography (SRI-pinned)

Every browser-side library we ship is loaded with a Subresource Integrity (SRI) hash. If any of these files were ever modified — by us, by an attacker compromising our infrastructure, or by a tampering proxy — your browser would refuse to execute them.

You can verify the hashes match by inspecting the integrity="sha384-…" attribute on the <script> tags in create-share.html and decrypt.html, or compute them yourself:

$ curl -s https://shattr.ai/js/shattr-core.js \
    | openssl dgst -sha384 -binary \
    | openssl base64 -A
File                 Purpose                                      SHA-384 (SRI)
secrets.min.js       Shamir's Secret Sharing (secrets.js-grempe)  sha384-xfBMbh8fdSIrQ9XbZARwZ5z/Eh9zC7gsgG5vSE331lZSjgXQob1KxM4m7vEdH0e0
qrcode-generator.js  QR encoding for portions                     sha384-8FWZA6BGMXhsfO+BLtrJK0We6gg5o1JyO8xQm6peWDEUs17ACA5ziE/NIAkl9z2k
jsQR.js              Camera QR scanning                           sha384-b5Ya4Bq3qCyz39m2ISh+4DxjAIljdeFwK/BsXLuj9gugaNwAcj/ia15fxNZL9Nlx
bip39-en.js          BIP-0039 English word list                   sha384-LD9tH4X8x/La8FXzSGuKZ8gfgcAln0TtFhbjAcVZMtmpeRYrsvKZudPLqMAnkImr
shattr-core.js       Our wrapper: split/combine, mnemonic, QR     sha384-/Q0zIBuq6Bv74CQ91vUFhIDzdm7EW8zDkw9VqTo+lh6Ux6Bm2ix2GGuMA+JGMo/r

Base-image pinning

Our nginx and Node container base images are pinned by SHA-256 digest, so that CI builds cannot silently inherit a moved tag. Bumps are deliberate and accompanied by a CVE review against published advisories for each new image.

Dependency watch-list

These dependencies have no published advisories as of the last review (2026-05-22) but are tracked here because their upstreams have stopped releasing updates. Absence of advisories is not a guarantee of safety; reviews happen quarterly.

HTTP response headers

Every response from shattr.ai ships with a strict Content-Security-Policy, X-Frame-Options: DENY, Referrer-Policy: no-referrer, X-Content-Type-Options: nosniff, and a tight Permissions-Policy. You can verify by running curl -sI https://shattr.ai/.